[SR-Users] Authentication Feature Question
Ali Jawad
ali.jawad at splendor.net
Tue Jan 3 16:12:05 CET 2012
Hi Daniel
This certainly makes sense, I will try it in a few mins, but what I
observed at Debug Level 3 is that Hash is calculated before
www_authenticate is executed and it shows HA comparison failed, if I
do use domain.com instead of $fd and use $domain.com in db domain
field and build HA1 filed based on that, wont Kamailio still try to
build the HA1 hash which it will compare form user:domain:pwd where
domain is fed in to the hash function from the header of the SIP
packet ?
Regards
On Tue, Jan 3, 2012 at 5:07 PM, Daniel-Constantin Mierla
<miconda at gmail.com> wrote:
> Hello,
>
> you can simply use 'domain.com' as realm parameter to authentication
> function instead of $fd. Also build ha1 and ha1b with domain.com and then
> you are safe no matter which sip server is used.
>
> Of course you can build the realm by striping first token before '.' in $fd
> and pass it to authentication functions, but not sure if makes sense since
> it should be always domain.com
>
> Cheers,
> Daniel
>
>
> On 1/3/12 3:15 PM, Ali Jawad wrote:
>>
>> Hi
>> After some research it seems to me that the only way to achieve this
>> is to "try" and change how hashing is done in the source code, a
>> little bit too ambitious for me, and it means I will have loads of
>> problems each time an upgrade is released.
>>
>> Or
>>
>> Use pseudovariables to fix the value of the $fd value to something
>> constant, while this worked for values like $var(y) I was not able to
>> assign/strip $fd to remove the subdomain part.
>>
>> Any input please ?
>>
>> Regards
>>
>> On Tue, Jan 3, 2012 at 2:06 PM, Ali Jawad<ali.jawad at splendor.net> wrote:
>>>
>>> Hi
>>> I do have 3 Kamailio servers, one for mobile phone registrations, one
>>> for softphone registrations and one for SIP device registrations. Each
>>> of those devices connects to it's perspective kamailio server
>>>
>>> sip1.domain.com
>>> sip2.domain.com
>>> sip3.domain.com
>>>
>>> All 3 Kamailio servers share the same database, and users can use
>>> their kamailio user/pwd on any of the devices, now I want to use
>>> encrypted passwords and remove clear text passwords from the database.
>>> I did test with one server and all is fine,however if a user want to
>>> register from the second kamailio server it does not work, basically
>>> because the db domain entry from which the hash is created is
>>> sip1.domain.com and stored in the db, while the user connects from to
>>> sip2.domain.com this eventually generates a different hash.
>>>
>>> Is there anyway to overcome this ? Can I exclude Domain from Hash
>>> generation ? Any other option that allows me to do the above ?
>>>
>>> Thanks
>>
>>
>>
>
> --
> Daniel-Constantin Mierla -- http://www.asipto.com
> http://linkedin.com/in/miconda -- http://twitter.com/miconda
>
--
Ali Jawad
Information Systems Manager
Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554
More information about the sr-users
mailing list